SlideShare uma empresa Scribd logo

Digital self defense iia isaca it audit seminar

Transferir como PPTX, PDF
Ben Woelk, CISSP, CPTC
Ben Woelk, CISSP, CPTC

Presentation of RIT security awareness program

Tecnologia
1 de 43
Rochester IIA & ISACA IT Audit Seminar December 10, 2015 Ben Woelk, CISSP ISO Program Manager Rochester Institute of Technology
Copyright © 2015 Rochester Institute of Technology Presentation Overview • Background • Communications Plan Basics • RIT Implementation • Success? • Discussion
Copyright © 2014 Rochester Institute of Technology BACKGROUND
Copyright © 2015 Rochester Institute of Technology My Background • Corporate • Higher Education – ISO Office – Adjunct • Techcomm • Computing Security
Copyright © 2014 Rochester Institute of Technology Rochester Institute of Technology • RIT Environment – 18,500 students – 3,500 faculty and staff – International Locations – ~40,000+ systems on the network at any given time – Very skilled IT security students
Copyright © 2014 Rochester Institute of Technology RIT Information Security • RIT ISO – 3 full time • Information Security Officer • Program Manager • Sr. Forensics Investigator – 1-4 student employees • Mix of coop and part- time • Risk Management, not Information Technology
Copyright © 2014 Rochester Institute of Technology COMMUNICATIONS PLAN BASICS
Copyright © 2015 Rochester Institute of Technology Communications Plan • Benefits – Systematic approach – Repeatable – Set and achieve goals – Be proactive – Be strategy driven, not event driven – Strategic plan drives marketing/communications plan
Copyright © 2015 Rochester Institute of Technology TechComm 101 • “We explain things” (R. J. Lippincott, Intercom) • Characteristics – Interactive and adaptable – Reader centered • Personas – Contextualized – Concise – Visual – Cross cultural
Copyright © 2014 Rochester Institute of Technology RIT IMPLEMENTATION
Copyright © 2015 Rochester Institute of Technology Digital Self Defense Goals • Inform the entire population about threats. • Educate new members of the RIT community on Information Security topics. • Maintain current information outputs and engagement on Information Security topics. • Create new avenues for communication to expand awareness of Information Security office. • Inform community of new Infosec initiatives
Copyright © 2015 Rochester Institute of Technology Challenges • Multiple audiences • Messaging overload • 30% annual turnover • What, me worry? • Dry/technical subject
Copyright © 2015 Rochester Institute of Technology Security Awareness Plan • Components – Audience analysis – Key messages – Communications channels – Calendar of promotions – Develop relationships
Copyright © 2015 Rochester Institute of Technology Target Audiences
Copyright © 2015 Rochester Institute of Technology Strategies • Consistent outreach • Creative/fun deliverables • New communication channels • “What’s in it for me?” fulfillment – Emphasizing home use – Easy-to-implement best practices – Consequences of non-compliance – Interactive elements
Copyright © 2015 Rochester Institute of Technology Key Message • Short and Simple
Copyright © 2015 Rochester Institute of Technology Calendar of Promotions
Copyright © 2015 Rochester Institute of Technology Monthly Topics Month Topic June, July, August Pre-Semester, Start of Semester September New Students, New Semester, New Threats October Cyber Security Awareness Month November No Click November December Scams and Hoaxes January Data Privacy Month February Ph(F)ebruary Phish March Mobile Device Madness April Spring Cleaning May Graduating to Good Passwords
Copyright © 2015 Rochester Institute of Technology Pre-Semester/Start of Semester
Copyright © 2015 Rochester Institute of Technology Communications Channels • What’s the best vehicle?
Copyright © 2015 Rochester Institute of Technology Develop Relationships
Copyright © 2015 Rochester Institute of Technology RIT Infosec Website
Copyright © 2015 Rochester Institute of Technology RIT Social Media
Copyright © 2015 Rochester Institute of Technology Posters
Copyright © 2015 Rochester Institute of Technology Go Phish https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/
Copyright © 2014 Rochester Institute of Technology Alerts and Advisories • Message Center Portal/email • Ad hoc • ~20 per academic year
Copyright © 2014 Rochester Institute of Technology Move-in
Copyright © 2015 Rochester Institute of Technology New Student Orientation
Copyright © 2015 Rochester Institute of Technology Lightning Talks • Six minute presentations • Slides move every 18 seconds • Topics – Online reputation management – Illegal file sharing – Safe use of social media – Securing mobile devices
Copyright © 2015 Rochester Institute of Technology DSD Lightning Talk • https://www.youtube.com/watch?v=-Yo8TV-ZLbE
Copyright © 2015 Rochester Institute of Technology New vehicles this fall • Bus posters • Employee Benefits Fair • RIT Information Security Field Guide to Identifying Phishing and Scams
Copyright © 2015 Rochester Institute of Technology DSD 101 classes • Tips, Tricks, and Best Practices for staying safe online – Monthly – Departmental presentations
Copyright © 2015 Rochester Institute of Technology RIT Digital Self Defense Team • Launched 11/11/15 – Using internal survey tool to collect metrics and recruit team members – 535 survey participants; 206 joined DSD Team
Copyright © 2015 Rochester Institute of Technology In Development • Phishing exercises
Copyright © 2014 Rochester Institute of Technology SUCCESS?
Copyright © 2015 Rochester Institute of Technology Evaluation Tools • Internal survey tool – Fall baseline (open now) – Spring progress
Copyright © 2015 Rochester Institute of Technology Social Media Evaluation
Copyright © 2015 Rochester Institute of Technology External Evaluations • Use with care • Kred (2013) – Influence (trust) – Outreach (propensity to share) • Klout (2009) – Perceived social influence
Copyright © 2015 Rochester Institute of Technology Evaluate and Make Mid-Course Corrections • You will make mistakes • Don’t be afraid to make a change • Did it make a difference? • Ways to evaluate – Surveys – Analytics From austinevan
Copyright © 2015 Rochester Institute of Technology Key Success Factors • What’s in it for them? • Relevant at home as well as at work • Reach them where they are
Copyright © 2015 Rochester Institute of Technology Resources • EDUCAUSE – Cybersecurity Awareness Resource Library – Security Awareness Quick Start and Advanced Guides • W. K. Kellogg Foundation Template for Strategic Communications Plan • Richard Johnson-Sheehan Technical Communication Today • Society for Technical Communication
Copyright © 2015 Rochester Institute of Technology Contact Me Ben Woelk Ben.woelk@gmail.com; ben.woelk@rit.edu Benwoelk.com @benwoelk www.linkedin.com/in/benwoelk/
Copyright © 2014 Rochester Institute of Technology DISCUSSION

Recomendados

Digital Self Defense at RIT
Digital Self Defense at RITDigital Self Defense at RIT
Digital Self Defense at RIT
Ben Woelk, CISSP, CPTC
 
Digital Self Defense
Digital Self DefenseDigital Self Defense
Digital Self Defense
Ben Woelk, CISSP, CPTC
 
Resume
ResumeResume
Resume
Steven Shi
 
Posterous versus homework noel jenkins
Posterous versus homework noel jenkinsPosterous versus homework noel jenkins
Posterous versus homework noel jenkins
Noel Jenkins
 
Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014
Ben Woelk, CISSP, CPTC
 
Collaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and YourselfCollaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and Yourself
Ben Woelk, CISSP, CPTC
 
Empowering the Introvert Within stc13
Empowering the Introvert Within stc13Empowering the Introvert Within stc13
Empowering the Introvert Within stc13
Ben Woelk, CISSP, CPTC
 
An Introvert's Journey to Leadership
An Introvert's Journey to LeadershipAn Introvert's Journey to Leadership
An Introvert's Journey to Leadership
Ben Woelk, CISSP, CPTC
 

Recomendados

Digital Self Defense at RIT
Digital Self Defense at RITDigital Self Defense at RIT
Digital Self Defense at RIT
Ben Woelk, CISSP, CPTC
 
Digital Self Defense
Digital Self DefenseDigital Self Defense
Digital Self Defense
Ben Woelk, CISSP, CPTC
 
Resume
ResumeResume
Resume
Steven Shi
 
Posterous versus homework noel jenkins
Posterous versus homework noel jenkinsPosterous versus homework noel jenkins
Posterous versus homework noel jenkins
Noel Jenkins
 
Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014
Ben Woelk, CISSP, CPTC
 
Collaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and YourselfCollaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and Yourself
Ben Woelk, CISSP, CPTC
 
Empowering the Introvert Within stc13
Empowering the Introvert Within stc13Empowering the Introvert Within stc13
Empowering the Introvert Within stc13
Ben Woelk, CISSP, CPTC
 
An Introvert's Journey to Leadership
An Introvert's Journey to LeadershipAn Introvert's Journey to Leadership
An Introvert's Journey to Leadership
Ben Woelk, CISSP, CPTC
 
UNYCC Information Security Discussion
UNYCC Information Security DiscussionUNYCC Information Security Discussion
UNYCC Information Security Discussion
Ben Woelk, CISSP, CPTC
 
The Course Implementation
The Course ImplementationThe Course Implementation
The Course Implementation
Leia Jackson
 
Controlling the Chaos with ITSM Governance
Controlling the Chaos with ITSM GovernanceControlling the Chaos with ITSM Governance
Controlling the Chaos with ITSM Governance
Cherwell Software
 
Tools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In SchoolsTools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In Schools
fridayinstitute
 
Co-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSIONCo-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSION
Joyce Lu
 
[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey
WSO2
 
Et5083 module 3 application ppt
Et5083 module 3 application pptEt5083 module 3 application ppt
Et5083 module 3 application ppt
swahl123
 
2015 OSU Extension Ed Tech Year in Review
2015 OSU Extension Ed Tech Year in Review2015 OSU Extension Ed Tech Year in Review
2015 OSU Extension Ed Tech Year in Review
Jamie Seger
 
Introduction to software that can be used to capture and analyse Twitter data
Introduction to software that can be used to capture and analyse Twitter dataIntroduction to software that can be used to capture and analyse Twitter data
Introduction to software that can be used to capture and analyse Twitter data
Dr Wasim Ahmed
 
Online education in the field of Responsible Education
Online education in the field of Responsible EducationOnline education in the field of Responsible Education
Online education in the field of Responsible Education
TU Delft, Faculty of Technology, Policy and Management
 
GR Techincal Resume
GR Techincal ResumeGR Techincal Resume
GR Techincal Resume
Gedeon Richemond
 
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
SURF Events
 
FDP MP IITJ TISC.pdf
FDP MP IITJ TISC.pdfFDP MP IITJ TISC.pdf
FDP MP IITJ TISC.pdf
gurukhade1
 
Transforming student engagement using mobile technology
Transforming student engagement using mobile technologyTransforming student engagement using mobile technology
Transforming student engagement using mobile technology
Capita FHE
 
How to Build a Learning Tech Stack
How to Build a Learning Tech StackHow to Build a Learning Tech Stack
How to Build a Learning Tech Stack
Watershed
 
NUS-ISS Digital Architecture Information Session
NUS-ISS Digital Architecture Information SessionNUS-ISS Digital Architecture Information Session
NUS-ISS Digital Architecture Information Session
engtsze
 
PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)
Michael Dobe, Ph.D.
 
Learning Technologist Network - Overview and January 2015 Meeting
Learning Technologist Network - Overview and January 2015 MeetingLearning Technologist Network - Overview and January 2015 Meeting
Learning Technologist Network - Overview and January 2015 Meeting
James Little
 
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil RinganALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG
 
Management of Distance Learning Systems in China - Selecting technologies
Management of Distance Learning Systems in China - Selecting technologiesManagement of Distance Learning Systems in China - Selecting technologies
Management of Distance Learning Systems in China - Selecting technologies
Giovanni Marconato
 
Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual Workforce
Ben Woelk, CISSP, CPTC
 
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxCreating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Ben Woelk, CISSP, CPTC
 

Mais conteúdo relacionado

Semelhante a Digital self defense iia isaca it audit seminar

Tools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In SchoolsTools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In Schools
fridayinstitute
 
Co-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSIONCo-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSION
Joyce Lu
 
Et5083 module 3 application ppt
Et5083 module 3 application pptEt5083 module 3 application ppt
Et5083 module 3 application ppt
swahl123
 
PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)
Michael Dobe, Ph.D.
 
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil RinganALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG
 

Semelhante a Digital self defense iia isaca it audit seminar (20)

UNYCC Information Security Discussion
UNYCC Information Security DiscussionUNYCC Information Security Discussion
UNYCC Information Security Discussion
 
The Course Implementation
The Course ImplementationThe Course Implementation
The Course Implementation
 
Controlling the Chaos with ITSM Governance
Controlling the Chaos with ITSM GovernanceControlling the Chaos with ITSM Governance
Controlling the Chaos with ITSM Governance
 
Tools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In SchoolsTools And Resources For Continuous Improvement Of Technology In Schools
Tools And Resources For Continuous Improvement Of Technology In Schools
 
Co-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSIONCo-op Presentation Fall_Winter_2014 FINAL VERSION
Co-op Presentation Fall_Winter_2014 FINAL VERSION
 
[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey
 
Et5083 module 3 application ppt
Et5083 module 3 application pptEt5083 module 3 application ppt
Et5083 module 3 application ppt
 
2015 OSU Extension Ed Tech Year in Review
2015 OSU Extension Ed Tech Year in Review2015 OSU Extension Ed Tech Year in Review
2015 OSU Extension Ed Tech Year in Review
 
Introduction to software that can be used to capture and analyse Twitter data
Introduction to software that can be used to capture and analyse Twitter dataIntroduction to software that can be used to capture and analyse Twitter data
Introduction to software that can be used to capture and analyse Twitter data
 
Online education in the field of Responsible Education
Online education in the field of Responsible EducationOnline education in the field of Responsible Education
Online education in the field of Responsible Education
 
GR Techincal Resume
GR Techincal ResumeGR Techincal Resume
GR Techincal Resume
 
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
Ethics & Privacy issues in the context of Learning Analytics - Alan Berg, Mar...
 
FDP MP IITJ TISC.pdf
FDP MP IITJ TISC.pdfFDP MP IITJ TISC.pdf
FDP MP IITJ TISC.pdf
 
Transforming student engagement using mobile technology
Transforming student engagement using mobile technologyTransforming student engagement using mobile technology
Transforming student engagement using mobile technology
 
How to Build a Learning Tech Stack
How to Build a Learning Tech StackHow to Build a Learning Tech Stack
How to Build a Learning Tech Stack
 
NUS-ISS Digital Architecture Information Session
NUS-ISS Digital Architecture Information SessionNUS-ISS Digital Architecture Information Session
NUS-ISS Digital Architecture Information Session
 
PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)PMU ITD Strategic Plan (2011-2016)
PMU ITD Strategic Plan (2011-2016)
 
Learning Technologist Network - Overview and January 2015 Meeting
Learning Technologist Network - Overview and January 2015 MeetingLearning Technologist Network - Overview and January 2015 Meeting
Learning Technologist Network - Overview and January 2015 Meeting
 
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil RinganALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
ALTNWESIG Embedding Technology Enhanced Learning by Dr Neil Ringan
 
Management of Distance Learning Systems in China - Selecting technologies
Management of Distance Learning Systems in China - Selecting technologiesManagement of Distance Learning Systems in China - Selecting technologies
Management of Distance Learning Systems in China - Selecting technologies
 

Mais de Ben Woelk, CISSP, CPTC

We're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security AwarenessWe're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security Awareness
Ben Woelk, CISSP, CPTC
 
The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for Success
Ben Woelk, CISSP, CPTC
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted Leadership
Ben Woelk, CISSP, CPTC
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
Ben Woelk, CISSP, CPTC
 

Mais de Ben Woelk, CISSP, CPTC (20)

Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual Workforce
 
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxCreating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
 
Saying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership OpportunitiesSaying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership Opportunities
 
Perspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected StoriesPerspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected Stories
 
We're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security AwarenessWe're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security Awareness
 
The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for Success
 
Building a Culture of Digital Self Defense
Building a Culture of Digital Self DefenseBuilding a Culture of Digital Self Defense
Building a Culture of Digital Self Defense
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted Leadership
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
 
Digital self defense 101 me rit
Digital self defense 101 me ritDigital self defense 101 me rit
Digital self defense 101 me rit
 
Follow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald CityFollow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald City
 
Cyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and ParentsCyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and Parents
 
Staying Safe Online for HR Professionals
Staying Safe Online for HR ProfessionalsStaying Safe Online for HR Professionals
Staying Safe Online for HR Professionals
 
Succession Planning and Volunteering
Succession Planning and VolunteeringSuccession Planning and Volunteering
Succession Planning and Volunteering
 
A Techcomm Bestiary Summit14
A Techcomm Bestiary Summit14A Techcomm Bestiary Summit14
A Techcomm Bestiary Summit14
 
A Techcomm Bestiary Spectrum14
A Techcomm Bestiary Spectrum14A Techcomm Bestiary Spectrum14
A Techcomm Bestiary Spectrum14
 
Shockproofing Your Use of Social Media (professional development progression)
Shockproofing Your Use of Social Media (professional development progression)Shockproofing Your Use of Social Media (professional development progression)
Shockproofing Your Use of Social Media (professional development progression)
 
Security Awareness at RIT 2012-2013
Security Awareness at RIT 2012-2013Security Awareness at RIT 2012-2013
Security Awareness at RIT 2012-2013
 
Empowering the Introvert Within: Becoming an Outstanding Leader
Empowering the Introvert Within: Becoming an Outstanding Leader Empowering the Introvert Within: Becoming an Outstanding Leader
Empowering the Introvert Within: Becoming an Outstanding Leader
 
Bulletproofing Your Career Online
Bulletproofing Your Career OnlineBulletproofing Your Career Online
Bulletproofing Your Career Online
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 

Último (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Digital self defense iia isaca it audit seminar

  • 1. Rochester IIA & ISACA IT Audit Seminar December 10, 2015 Ben Woelk, CISSP ISO Program Manager Rochester Institute of Technology
  • 2. Copyright © 2015 Rochester Institute of Technology Presentation Overview • Background • Communications Plan Basics • RIT Implementation • Success? • Discussion
  • 3. Copyright © 2014 Rochester Institute of Technology BACKGROUND
  • 4. Copyright © 2015 Rochester Institute of Technology My Background • Corporate • Higher Education – ISO Office – Adjunct • Techcomm • Computing Security
  • 5. Copyright © 2014 Rochester Institute of Technology Rochester Institute of Technology • RIT Environment – 18,500 students – 3,500 faculty and staff – International Locations – ~40,000+ systems on the network at any given time – Very skilled IT security students
  • 6. Copyright © 2014 Rochester Institute of Technology RIT Information Security • RIT ISO – 3 full time • Information Security Officer • Program Manager • Sr. Forensics Investigator – 1-4 student employees • Mix of coop and part- time • Risk Management, not Information Technology
  • 7. Copyright © 2014 Rochester Institute of Technology COMMUNICATIONS PLAN BASICS
  • 8. Copyright © 2015 Rochester Institute of Technology Communications Plan • Benefits – Systematic approach – Repeatable – Set and achieve goals – Be proactive – Be strategy driven, not event driven – Strategic plan drives marketing/communications plan
  • 9. Copyright © 2015 Rochester Institute of Technology TechComm 101 • “We explain things” (R. J. Lippincott, Intercom) • Characteristics – Interactive and adaptable – Reader centered • Personas – Contextualized – Concise – Visual – Cross cultural
  • 10. Copyright © 2014 Rochester Institute of Technology RIT IMPLEMENTATION
  • 11. Copyright © 2015 Rochester Institute of Technology Digital Self Defense Goals • Inform the entire population about threats. • Educate new members of the RIT community on Information Security topics. • Maintain current information outputs and engagement on Information Security topics. • Create new avenues for communication to expand awareness of Information Security office. • Inform community of new Infosec initiatives
  • 12. Copyright © 2015 Rochester Institute of Technology Challenges • Multiple audiences • Messaging overload • 30% annual turnover • What, me worry? • Dry/technical subject
  • 13. Copyright © 2015 Rochester Institute of Technology Security Awareness Plan • Components – Audience analysis – Key messages – Communications channels – Calendar of promotions – Develop relationships
  • 14. Copyright © 2015 Rochester Institute of Technology Target Audiences
  • 15. Copyright © 2015 Rochester Institute of Technology Strategies • Consistent outreach • Creative/fun deliverables • New communication channels • “What’s in it for me?” fulfillment – Emphasizing home use – Easy-to-implement best practices – Consequences of non-compliance – Interactive elements
  • 16. Copyright © 2015 Rochester Institute of Technology Key Message • Short and Simple
  • 17. Copyright © 2015 Rochester Institute of Technology Calendar of Promotions
  • 18. Copyright © 2015 Rochester Institute of Technology Monthly Topics Month Topic June, July, August Pre-Semester, Start of Semester September New Students, New Semester, New Threats October Cyber Security Awareness Month November No Click November December Scams and Hoaxes January Data Privacy Month February Ph(F)ebruary Phish March Mobile Device Madness April Spring Cleaning May Graduating to Good Passwords
  • 19. Copyright © 2015 Rochester Institute of Technology Pre-Semester/Start of Semester
  • 20. Copyright © 2015 Rochester Institute of Technology Communications Channels • What’s the best vehicle?
  • 21. Copyright © 2015 Rochester Institute of Technology Develop Relationships
  • 22. Copyright © 2015 Rochester Institute of Technology RIT Infosec Website
  • 23. Copyright © 2015 Rochester Institute of Technology RIT Social Media
  • 24. Copyright © 2015 Rochester Institute of Technology Posters
  • 25. Copyright © 2015 Rochester Institute of Technology Go Phish https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/
  • 26. Copyright © 2014 Rochester Institute of Technology Alerts and Advisories • Message Center Portal/email • Ad hoc • ~20 per academic year
  • 27. Copyright © 2014 Rochester Institute of Technology Move-in
  • 28. Copyright © 2015 Rochester Institute of Technology New Student Orientation
  • 29. Copyright © 2015 Rochester Institute of Technology Lightning Talks • Six minute presentations • Slides move every 18 seconds • Topics – Online reputation management – Illegal file sharing – Safe use of social media – Securing mobile devices
  • 30. Copyright © 2015 Rochester Institute of Technology DSD Lightning Talk • https://www.youtube.com/watch?v=-Yo8TV-ZLbE
  • 31. Copyright © 2015 Rochester Institute of Technology New vehicles this fall • Bus posters • Employee Benefits Fair • RIT Information Security Field Guide to Identifying Phishing and Scams
  • 32. Copyright © 2015 Rochester Institute of Technology DSD 101 classes • Tips, Tricks, and Best Practices for staying safe online – Monthly – Departmental presentations
  • 33. Copyright © 2015 Rochester Institute of Technology RIT Digital Self Defense Team • Launched 11/11/15 – Using internal survey tool to collect metrics and recruit team members – 535 survey participants; 206 joined DSD Team
  • 34. Copyright © 2015 Rochester Institute of Technology In Development • Phishing exercises
  • 35. Copyright © 2014 Rochester Institute of Technology SUCCESS?
  • 36. Copyright © 2015 Rochester Institute of Technology Evaluation Tools • Internal survey tool – Fall baseline (open now) – Spring progress
  • 37. Copyright © 2015 Rochester Institute of Technology Social Media Evaluation
  • 38. Copyright © 2015 Rochester Institute of Technology External Evaluations • Use with care • Kred (2013) – Influence (trust) – Outreach (propensity to share) • Klout (2009) – Perceived social influence
  • 39. Copyright © 2015 Rochester Institute of Technology Evaluate and Make Mid-Course Corrections • You will make mistakes • Don’t be afraid to make a change • Did it make a difference? • Ways to evaluate – Surveys – Analytics From austinevan
  • 40. Copyright © 2015 Rochester Institute of Technology Key Success Factors • What’s in it for them? • Relevant at home as well as at work • Reach them where they are
  • 41. Copyright © 2015 Rochester Institute of Technology Resources • EDUCAUSE – Cybersecurity Awareness Resource Library – Security Awareness Quick Start and Advanced Guides • W. K. Kellogg Foundation Template for Strategic Communications Plan • Richard Johnson-Sheehan Technical Communication Today • Society for Technical Communication
  • 42. Copyright © 2015 Rochester Institute of Technology Contact Me Ben Woelk Ben.woelk@gmail.com; ben.woelk@rit.edu Benwoelk.com @benwoelk www.linkedin.com/in/benwoelk/
  • 43. Copyright © 2014 Rochester Institute of Technology DISCUSSION

Notas do Editor

  1. What’s the best vehicle? Paper: Brochures, advertisements Digital: online sites, RSS links to website Social media: Facebook, Twitter, LinkedIn Video: YouTube In person: presentations, information fairs All of the above!